One of my Travis build tests have started to fail with the following error:
The conflict is caused by:
The user requested idna==3.1
requests 2.25.1 depends on idna<3 and >=2.5
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict
However, this runs fine on my local machine. For example:
(venv) C:\Users\Asus\PycharmProjects\elastic-migrate>tox -e py38
GLOB sdist-make: C:\Users\Asus\PycharmProjects\elastic-migrate\setup.py
py38 create: C:\Users\Asus\PycharmProjects\elastic-migrate\.tox\py38
py38 installdeps: -rrequirements.txt
py38 inst: C:\Users\Asus\PycharmProjects\elastic-migrate\.tox\.tmp\package\1\elastic-migrate-0.1.0.dev126+g8e5eb23.zip
py38 installed: appdirs==1.4.4,atomicwrites==1.4.0,attrs==20.3.0,certifi==2020.12.5,cfgv==3.2.0,chardet==4.0.0,click==7.1.2,click-log==0.3.2,codecov==2.1.11,colorama==0.4.4,coverage==5.3.1,distlib==0.3.1,elastic-migrate @ file:///C:/Us
ers/Asus/PycharmProjects/elastic-migrate/.tox/.tmp/package/1/elastic-migrate-0.1.0.dev126%2Bg8e5eb23.zip,filelock==3.0.12,flake8==3.8.4,identify==1.5.10,idna==2.10,importlib-metadata==3.3.0,iniconfig==1.1.1,jsonschema==3.2.0,mccabe==0.
6.1,more-itertools==8.6.0,nodeenv==1.5.0,packaging==20.8,pluggy==0.13.1,pre-commit==2.9.3,py==1.10.0,pycodestyle==2.6.0,pyfakefs==4.3.3,pyflakes==2.2.0,pyparsing==2.4.7,pyrsistent==0.17.3,pytest==6.2.1,pytest-cov==2.10.1,pytest-mock==3
.4.0,PyYAML==5.3.1,requests==2.25.1,requests-mock==1.8.0,setuptools-scm==5.0.1,six==1.15.0,SQLAlchemy==1.3.22,toml==0.10.2,tox==3.20.1,urllib3==1.26.2,validator-collection==1.5.0,virtualenv==20.2.2,wcwidth==0.2.5,zipp==3.4.0
py38 run-test-pre: PYTHONHASHSEED='473'
For reference:
This has started happening since I've tried to add python 3.9 support to the project, and pyup has upgraded the dependencies subsequently. As I've dug about it a little, I've found that there are others facing the same issues. However, I am unable to find a satisfactory way to go about it. What is the recommended way to handle tox environment dependencies better? One requirements.txt file doesn't seem to be the right way of doing it.
Historically, pip didn't have a proper dependency resolver. So, if you asked it to install a package without any version flag, you’d be getting the newest version of the package, even if it conflicts with other packages that you had already installed.
However, with pip 20.3, this changes, and now pip has a stricter dependency resolver. Pip will now complain if any of your sub-dependencies are incompatible.
As a quick fix, you can pin your idna version in your requirements.txt to 2.05. As a longer-term solution, you can adopt a tool like pip-tools where you will be able to pin your top-level dependencies in a requirements.in file and run a pip-compile command to generate the requirements.txt file. This way there will be an explicit delineation between the top-level dependencies and the sub-dependencies. Also, the tool will resolve the sub-dependency conflicts for you.